The Register® — Biting the hand that feeds IT

PGP Outlook plugin has major security hole

Relax, there's a patch

By Thomas C Greene in Washington DCGet more from this author

Posted in Software, 11th July 2002 11:35 GMT

Free whitepaper – PowerEdge M1000e, M600 and M605 spec sheet

A malicious e-mail can create a buffer overrun in Network Associates' PGP plugin for MS Outlook on Windows, which in turn can be used to run arbitrary code with the user's level of privilege. At a minimum this could compromise the user's passphrase and expose his encrypted messages, and at a maximum surrender control of the machine. Attachments do not need to be activated; merely selecting the malicious message is sufficient.

PGP Desktop Security 7.0.4, Personal Security 7.0.3 and Freeware 7.0.3 are affected. NAI has a hotfix posted here. The issue was discovered by eEye's Marc Maiffret. ®

Free whitepaper – Thermal design of Dell PowerEdge server

Popular Whitepapers

Don’t Miss

SunSun's surviving staff hit with 'motivation' missive

Exclusive Code: Your solace, our savior

Ubuntu teaser Ubuntu's Karmic Koala bares fangs at Windows 7

Review Shuttleworthian scrap

AppleChange your views: OS X tags exploited

Mac Secrets Apple windows insider

JavaSun preps cell-phone Java plan for netbooks

OpenWorld 09 Modules not globules